<?php
require_once '../dao/dao_login.php';
require_once '../config.php';
require_once '../dao/dao_db.php'; 
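// Login form handler. Validates the POSTed username/password, looks the user up
// through query_user(), and on a match marks the user online, fills the session
// and redirects to home.php. Every failure path redirects back to login.php.
// NOTE(review): the mysql_* extension used here was removed in PHP 7; the DAO
// layer would need porting to mysqli/PDO before this can run on a current PHP.

// Missing or non-string fields (e.g. username[]=x) are treated as empty so they
// take the "blank form" path instead of raising notices or reaching trim().
$username = (isset($_POST['username']) && is_string($_POST['username'])) ? trim($_POST['username']) : '';
// The password is only trimmed for the emptiness check; it is passed on unmodified.
$password = (isset($_POST['password']) && is_string($_POST['password'])) ? $_POST['password'] : '';

if ($username === '' || trim($password) === '') {
	// Username or password is blank.
	header('Location: ../login.php');
	exit;
}

// The user id must be numeric. The trimmed value that passed this check is the
// one used below, so validation and use agree on the same string.
// NOTE(review): is_numeric() also accepts forms such as "-1", "1.5" and "1e5";
// if user ids are plain integers, ctype_digit() would be the stricter check.
if (!is_numeric($username)) {
	header('Location: ../login.php?msg=useriderror');
	exit;
}

// NOTE(review): query_user() lives in the DAO and is not visible here. The
// password reaches it without any escaping in this file, so confirm that it
// uses a prepared statement (or escapes its arguments) and compares against a
// password hash rather than a stored plaintext value.
$result = query_user($username, $password);

// A falsy result (presumably a failed query) is handled like "no matching row".
if (!$result || mysql_num_rows($result) == 0) {
	// urlencode() keeps the echoed value from altering the redirect URL.
	header('Location: ../login.php?msg=nosuchuser&username=' . urlencode($username));
	exit;
}

$row = mysql_fetch_array($result);
date_default_timezone_set("Asia/Shanghai");
$lastlogin = date("Y-m-d G:i:s");
update_user_status($username, $lastlogin, ONLINE);

// session_cache_limiter() only takes effect when called before session_start().
session_cache_limiter('private');
session_start();
// Issue a fresh session id at the privilege change so an id that was known
// before authentication cannot be reused afterwards (session fixation).
session_regenerate_id(true);
$_SESSION['userid'] = $row['USERID'];
// NOTE(review): kept because other pages may read it, but holding the password
// column in session storage widens its exposure; drop it once no reader remains.
$_SESSION['password'] = $row['PASSWORD'];
$_SESSION['username'] = $row['USERNAME'];
$_SESSION['level'] = $row['LEVEL'];
mysql_close();
header('Location: ../home.php');
// Stop here so nothing appended to this script later runs after the redirect.
exit;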
?>